In what has sadly become the new normal, another massive data breach made headlines today, this time affecting business travelers and vacationers.

The hotel chain Marriott International disclosed a massive data breach affecting 500 million consumers who made reservations at Starwood hotels.

Compromised data includes name, address, phone, email, passport number, and date of birth, For some victims, the stolen information also includes credit card numbers and expiration dates.

Have I been affected?
If you've stayed at any of the following Starwood properties, you've been affected.
Westin
Sheraton
The Luxury Collection
Four Points by Sheraton
W Hotels
St. Regis
Le Méridien
Aloft
Element
Tribute Portfolio
Design Hotels

What should I do?
Reset your password now. Change your password for any compromised accounts. Go ahead and do it now, we'll wait here for you. Now that that's out of the way, you should consider enabling multi-factor authentication. With multi-factor authentication in place, even if cybercriminals steal your login credentials, they still won't be able to access your account without at least one other authentication mechanism, like your phone for example.

Monitor your credit accounts. Look for any suspicious activity. Remember you get a free credit report, one from each of the three major credit bureaus, every year at annualcreditreport.com. This is the only U.S. Federal Trade Commission-authorized site for obtaining free credit reports.

Consider freezing your credit. A credit freeze makes it harder to open up a line of credit under your name by restricting access to your credit report. You can lift or stop the freeze at any time. The only hassle is that you must contact each credit bureau individually to enact or remove a freeze.

Watch your inbox carefully. Opportunistic cybercriminals know that millions of victims of any given data breach are expecting some kind of communication regarding hacked accounts. These scammers will take the opportunity to send out phishing emails spoofed to look like they're coming from those hacked accounts in an attempt to get you to give up personal information. Read our tips on how to spot a phishing email.

Bonus tip: credit monitoring services. Should you sign up? Often times, after a data breach, affected companies and organizations will offer victims free identity theft monitoring services. It's worth noting, services like LifeLock, et al. will notify you if someone opens up a line of credit in your name, but they can't protect your data from being stolen in the first place. Bottom line—if the service is free, go ahead and sign up. Otherwise, think twice.

In the event that you do receive malspam of some kind, Malwarebytes customers are protected from malicious download links.

Finally, be sure to follow us on social media and stay tuned to the Malwarebytes Labs blog for all the latest updates on the Marriott breach, and all other cyberthreats.

Stay safe,
The Malwarebytes Team
Marriott breach impacts 500 million customers: here's what to do about it.

November 30, 2018 – Marriott disclosed a large-scale data breach impacting up to 500 million customers who have stayed at a Starwood-branded hotel within the last four years.